Further legal and regulatory developments

On 12 July 2024, ESMA published the availability of a number of new Q&As. ESMA has added two new Q&As to the Q&A on the AIFMD.

Initial capital and additional own funds

This clarification addresses whether internally managed AIFs are required to maintain initial capital and additional own funds separately from the collective investment undertaking’s assets. ESMA confirms that these entities must ensure that their own funds are kept separate and not included in the fund’s NAV. These funds should be preserved to cover potential exposures from professional liability and not invested according to the fund’s strategy or distributed to investors.

Notification upon establishment of a branch

This clarification pertains to the requirement for notification when an AIFM establishes a branch in another Member State solely for activities like real estate administration, which are considered ancillary functions under the AIFMD. ESMA explains that a notification to the competent authorities of the AIFM's home Member State is not required for such activities if they are the only functions performed by the branch. However, the AIFM may still need to provide relevant information under different legal requirements, such as outlining its organisational structure upon authorisation.

ESMA further added several new clarifications in its Q&A on the MiCA Regulation. These clarifications address various aspects of crypto-asset services under MiCA.

Treatment of staking services in MiCA

ESMA clarified that MiCA does not prohibit staking-related services. Staking, where crypto-assets are immobilised to support blockchain consensus mechanisms, is not subject to specific MiCA requirements or licensing. However, when staking services are provided by intermediaries, these services are considered ancillary to custody services. This means that staking service providers must be authorised under MiCA for the custody and administration of crypto-assets on behalf of clients. The providers must also ensure compliance with MiCA's provisions, including the safe return of assets and liability for any loss of crypto-assets.

Grandfathering clause and applicable AML laws

ESMA confirmed that entities providing crypto-asset services under national AML laws before 30 December 2024 may benefit from the grandfathering clause under Article 143(3) MiCA. This allows them to continue operating within the Member State where they are registered until they are either granted or refused MiCA authorisation. However, these entities do not benefit from a passporting regime under MiCA and can only operate within their registered jurisdiction until full MiCA compliance is achieved.

Interaction between Article 60 notifications and the CASP transitional phase

Financial entities that provided crypto-asset services under national law before 30 December 2024 can rely on the transitional provision under Article 143(3) MiCA, even if they are not required to seek MiCA authorisation under Article 63. These entities must notify the relevant information to the competent authority of their home Member State as required by Article 60 MiCA if they wish to continue providing crypto-asset services.

Simplified authorisation procedures

Entities authorised under national law to provide crypto-asset services by 30 December 2024 may benefit from a simplified authorisation procedure under MiCA, as outlined in Article 143(6). This simplified procedure is available for a limited period of 18 months and applies only if certain conditions are met. Entities that were merely registered under the AML framework, rather than fully authorised, are not eligible for this simplified procedure.

Crypto-asset transfers as component of another crypto-asset service or as a separate service

ESMA clarified that a crypto-asset transfer offered as part of another crypto-asset service, such as custody or order execution, is subject to the authorisation requirements under Article 59 MiCA. If the transfer of crypto-assets qualifies as a separate service under Article 3(1), point (26) of MiCA, it must meet the specific authorisation requirements. Even when transfers are part of another service, they are still subject to Article 82 MiCA, including the guidelines issued under Article 82(2).

Entities not authorised as CASPs by the end of the transition period

Entities providing crypto-asset services under national law before 30 December 2024 must cease operations if they have not been authorised as CASPs by the end of the transition period in the relevant Member State. These entities can continue to provide services until 1 July 2026 or until they are granted or refused authorisation, whichever comes first. It is advised that such entities apply for MiCA authorisation early to avoid service disruptions.

Entities that have not applied for CASP authorisation, or whose application has been refused

Entities that have not applied for CASP authorisation or whose applications have been refused by the end of the transition period must stop providing crypto-asset services. These entities should plan to wind down their operations in compliance with applicable laws to minimise negative impacts on their clients.

On 29 July 2024, the CSSF published an update of the existing form for requesting a ELTIF following amendments introduced by Regulation (EU) 2023/606, which has been effective since 10 January 2024. This update simplifies the authorisation procedures for ELTIFs within existing or new Luxembourg investment structures, such as UCI Part II, SIF or SICAR, by streamlining the application questionnaire.

The revised form, available for submissions after 29 July 2024, integrates optional requests, automatically greying out irrelevant sections based on the applicant's selections. This aims to expedite and clarify the approval process, ensuring that key information is addressed early on. The updated questionnaire is mandatory for both new authorisations and substantial modifications to existing ELTIFs. Applicants must ensure the form is accurately completed, with guidance provided in the form's footnotes.

On 24 July 2024, the CSSF published a reminder to Luxembourg depositaries overseeing AIFs investing in illiquid assets. The CSSF has observed inconsistencies in how depositaries conduct their safekeeping duties, particularly in ownership verification and record keeping. It emphasises that controls must be conducted before the acquisition of illiquid assets, rather than relying solely on checks after the fact. This ensures compliance with the relevant regulations and supports the timely settlement of transactions. The CSSF expects depositaries to follow a structured process involving pre-payment verification, consistency checks during payment, and post-payment confirmation of asset ownership. AIF managers are also required to promptly provide all necessary information to depositaries to facilitate these controls.

On 26 July 2024, the CSSF published a policy statement in connection with the Overseas Funds Regime in relation to the UK Financial Conduct Authority’s publication of a policy statement detailing the final rules and guidance for implementing the Overseas Funds Regime, which will replace the Temporary Marketing Permissions Regime when it expires. The CSSF advises Luxembourg-based management companies to carefully monitor the developments to ensure the continuation of their marketing activities in the UK. Further details and specifications are available on the UK Financial Conduct Authority’s website.

On 17 July 2024, the European Supervisory Authorities (ESAs) issued the second batch of policy products under the Digital Operational Resilience Act (DORA). The package focuses on the reporting framework for ICT-related incidents (reporting clarity, templates) and threat-led penetration testing, while also introducing some requirements on the design of the oversight framework, which enhance the digital operational resilience of the EU financial sector. The ESAs published the following final draft technical standards:

• RTS and ITS on the content, format, templates and timelines for reporting major ICT-related incidents and significant cyberthreats;
• RTS on the harmonisation of conditions enabling the conduct of the oversight activities;
• RTS specifying the criteria for determining the composition of the joint examination team (JET); and
• RTS on threat-led penetration testing (TLPT).

The set of guidelines include:

• Guidelines on the estimation of aggregated costs/losses caused by major ICT-related incidents; and
• Guidelines on oversight cooperation.

Financial entities must include in contractual arrangements on the use of ICT services a clear and complete description of all functions and ICT services to be provided by the ICT third-party service provider, indicating whether subcontracting of an ICT service supporting critical or important functions, or material parts thereof, is permitted and, when that is the case, the conditions applying to such subcontracting. The RTS specifies the elements which a financial entity needs to determine and assess when subcontracting ICT services supporting critical or important functions.

Pursuant to DORA, financial institutions are required to hold and update a register of information for all agreements with third party ICT-service providers. The Dutch Central Bank (DNB) has provided a draft standard model of such register of information.